Dr. Tom's ISA Server 2004 Firewall Blog

Dr. Tom Shinder's ISA Server Firewall Blog

ISA Firewall Site to Site VPN Quick Fix

If you've been trying to create a site to site VPN with the 2004 ISA firewall using only a pre-shared key, I feel your pain. You've probably seen that it doesn't work. The key is to not configure the pre-shared key in the Remote Site Wizard. Instead, leave the pre-shared key checkbox unchecked.

Then click the VPN Clients tab in the Details pane, and click the Select Authentication Methods link on the Tasks tab in the Task Pane. On the Authentication tab in the Virtual Private Networks (VPN) dialog box, put a checkmark in the Allow custom IPSec policy for L2TP checkbox and enter the pre-shared key. Use the same procedure and the same key on all your VPN gateways.

Keep in mind that remote access VPN clients and VPN gateways will be able to use this key, so if you can do anything about it, always try to use certificates instead of pre-shared keys. Remember, using pre-shared keys reduces the level of security provided by the ISA firewall to that of a lowly PIX packet filter!

HTH,
Tom

Comments

shinder said:

Hi Tom, I have the same problem, but I can't leave the preshared key checkbox unchecked. I have only two options: one is preshared and the other is certificates, so what do I have to do?

Regards
# October 15, 2004 5:04 PM

shinder said:

Ah, in your article it all works!!!
How???
# November 2, 2004 1:16 PM

shinder said:

Of course it works! I do it exactly how I write it in the articles and it always works.

HTH,
Tom
# November 2, 2004 1:17 PM

shinder said:

You cannot leave it unchecked because it is not a checkbox! You have to choose between "Certificate" or "Preshared key"... so how did you get that to work?
# November 15, 2004 4:06 AM

shinder said:

If you're running a Unix firewall (Linux, OS X), then
forwarding PPTP is a breeze: check out pptp proxy
http://www.mgix.com/pptpproxy
# July 9, 2005 10:57 PM
